[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] PAM and CobaltOS 5.0
- Subject: Re: [cobalt-security] PAM and CobaltOS 5.0
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
- Date: Mon, 24 Jul 2000 15:32:42 -0700
- Organization: Cobalt Networks, Inc.
Gossi The Dog wrote:
>
> However, PAM is still ownable. Cobalt missed it and didn't issue a patch
> by the looks of it (nothing on cobalt.com). Since PAM itself is still
> vun, it's probably possible to exploit it (just not through userhelper).
PAM is vulnerable through bad coding. At present time there are no
other known programs shipped on Cobalt boxes that exploit this problem
in PAM. If there is a reproducible exploit with PAM version shipping
on our RaQs it will not likely be updated.
Jeff
--
Jeff Lovell
Cobalt Networks, Inc.